Simulate attacks against your REST and SOAP services so you know they're safe.
Build a Trusted API with Secure Pro, Based on The world’s Most Trusted API Testing Tool
Contrary to the old saying, not all press is good press. API security is especially critical today with the plethora of connected devices and mobile apps in the marketplace. Examples of API security breaches are becoming more common in the news, but are often avoidable when software development teams address API security vulnerabilities earlier upstream.
Protect your SOAP and REST web services and consumers against the most common API security vulnerabilities by using a complement of prebuilt tests and scans, all in time before code release so you know your production systems are as safe as possible.
With Secure Pro, you can run 16 different API security scans , including:
- SQL injection attacks,
- invalid XML or incorrect JSON data
- inappropriate methods and headers
Safe SOAP and REST APIs by Default
Secure Pro is the easiest way to make sure that your SOAP or REST API is free of common exploits before shipping it.
- Pre-built API security scans make it a matter of a few clicks to check new or existing code before it goes live.
- With limited expertise, teams can quickly check for potential API security vulnerabilities without delaying delivery.
- Find parsing and improper handling problems early in the development cycle.
Isolate Issues with Robust Reporting
Secure Pro is designed specifically with API testers and developers in mind. You don’t need to be a security expert to ensure that your SOAP and REST APIs can withstand a hacking attempt. With Secure Pro, you can run simple standard security scans in minutes to ensure a safe API throughout every stage of testing and development.
- Test a single URL for common vectors of attack.
- Use existing SoapUI test cases as the basis for your security scans.
- Expedite the process by pulling in existing API descriptions like WSDL, Swagger, RAML, and API-Blueprint.
Isolate Issues with Robust Reporting
Most API testers and developers recognize the importance of API security - in 2016, API providers indicated that API security was #1 issue that needed to be improved in the API industry. Secure Pro enables SOAP and REST API testers to leverage the experience of security experts. Secure Pro provides detailed reporting on the results of the tests so you can quickly isolate issues and then fix them. You become the security expert! The reports include:
- A summary of the results of all the tests that were run
- Detailed description of the type of scan that was run, the CWE-ID and recommendations for resolving the issue
- To help isolate the issue; the endpoint, test step, modified parameters and response from the service are itemized
Security for SOAP and REST web services
Whether you're using REST, SOAP, or a mix of both, Secure Pro has got your APIs covered. Detailed analysis of JSON and XML right out of the box means you can see deeply into problems with your service.
- Layer your API security tests on top of existing test cases so you can validate that those steps don't open any doors to malicious attacks.
- Run one or more scans in one test that is designed to mimic standard hacking techniques, many of which are pre-built within Secure Pro.
- Build security scans from the ground up for those times when you want ultimate control over how the security test behaves.
Extensibility and Customizability with Plugins
Is there a security scan you've built from scratch that you want to repeat or make available to other people on your team?
- The Ready! API framework allows API development teams to extend the out-of-the-box functionality to enable custom homemade security scan added to the drop-down.
- Use your customization in your own Ready! API instance or share with others on your team.
- Even better, share your plugin with the whole Ready! API community by adding it to the Plugin Browser.
API Security, Performance and Accuracy at Your Command
Security is just one of the aspects of a complete quality strategy over your APIs. You also need to make sure that the data coming back is accurate, that the web service performs its job correctly, and that your APIs are swift to respond under heavy load.
Underlying Secure Pro is a common core based on a decade of open-source testing experience, including SoapUI NG Pro, LoadUI NG Pro, Secure Pro, and ServiceV Pro. The Ready! API platform gives you one experience, from functional to performance and security testing to service virtualization.